PHP Address Book 3.1.5 - Multiple SQL Injection and Cross-Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/29560/info PHP Address Book is prone to multiple cross-site scripting and SQL-injection vulnerabilities because the application fails to sufficiently sanitize user-supplied input. Exploiting these issues could allow an...

PHP-Address Book <= 3.1.5 (SQL/XSS) Multiple Vulnerabilities

No description provided by source. ============================================================ PHP-Address Book SQL/XSS Multiple Remote Vulnerabilities ============================================================ ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH...

PHP Address Book 7.0.0 - Multiple Vulnerabilities

No description provided by source. Advisory: PHP Address Book 7.0.0 Multiple security vulnerabilities Advisory ID: SSCHADV2012-013 Author: Stefan Schurtz Affected Software: Successfully tested on PHP Address Book 7.0.0 Vendor URL: http://sourceforge.net/projects/php-addressbook/ Vendor Status:...

PHP Address Book 6.2.12 Multiple security vulnerabilities

No description provided by source. Advisory: PHP Address Book 6.2.12 Multiple security vulnerabilities Advisory ID: SSCHADV2012-007 Author: Stefan Schurtz Affected Software: Successfully tested on PHP Address Book 6.2.12 Vendor URL: http://sourceforge.net/projects/php-addressbook/ Vendor Status:...

PHP-Address 0.2 e Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5039/info PHP-Address is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. If the remote file is a PHP script, this may allow for execution of attacker-supplied PHP...

CVE-2013-1749

Cross-site scripting XSS vulnerability in edit.php in PHP Address Book 8.2.5 allows user-assisted remote attackers to inject arbitrary web script or HTML via the Address field...

CVE-2013-1748

Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to 1 edit.php or 2 import.php. NOTE: the view.php id vector is already covered by CVE-2008-2565.1 and the edit.php id vector is already covered by...

Cross site scripting

Cross-site scripting XSS vulnerability in edit.php in PHP Address Book 8.2.5 allows user-assisted remote attackers to inject arbitrary web script or HTML via the Address field...

CVE-2013-1748

Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to 1 edit.php or 2 import.php. NOTE: the view.php id vector is already covered by CVE-2008-2565.1 and the edit.php id vector is already covered by...

CVE-2013-1749

CVE-2013-1749: A cross-site scripting (XSS) flaw is present in edit.php of PHP Address Book 8.2.5, allowing user-assisted remote attackers to inject arbitrary script or HTML via the Address field. The issue is tied to how input in the Address field is handled, enabling script injection in context...

CVE-2013-2778

Cross-site request forgery CSRF vulnerability in addressbook/register/deleteuser.php in PHP Address Book 8.2.5 allows remote attackers to hijack the authentication of administrators for requests that delete accounts, a different vulnerability than CVE-2013-0135.1...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in addressbook/register/deleteuser.php in PHP Address Book 8.2.5 allows remote attackers to hijack the authentication of administrators for requests that delete accounts, a different vulnerability than CVE-2013-0135.1...

CVE-2013-0135

CVE-2013-0135 describes multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 that allow remote attackers to execute arbitrary SQL commands via a long list of parameters to various scripts (e.g., addressbook/register/delete_user.php, edit_user.php, edit_user_save.php, reset_password.ph...

CVE-2013-2778

The CVE-2013-2778 entry describes a CSRF vulnerability in PHP Address Book 8.2.5, specifically in addressbook/register/delete_user.php, that allows remote attackers to hijack administrator authentication to delete accounts. This is distinct from CVE-2013-0135. Available connected documents (e.g.,...

PHP Address Book - addressbookregisterchecklogin.php?Username SQL Injection

PHP Address Book - addressbookregisterchecklogin.php?Username SQL Injection source: https://www.securityfocus.com/bid/58911/info PHP Address Book is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input. A successful exploit may allow an...

PHP Address Book - addressbookregisteredit_user.php?id SQL Injection

PHP Address Book - addressbookregisteredituser.php?id SQL Injection source: https://www.securityfocus.com/bid/58911/info PHP Address Book is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input. A successful exploit may allow an attacker to...

PHP Address Book - addressbookregisteredit_user_save.php Multiple SQL Injections

PHP Address Book - addressbookregistereditusersave.php Multiple SQL Injections source: https://www.securityfocus.com/bid/58911/info PHP Address Book is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input. A successful exploit may allow an...

PHP Address Book - addressbookregisterreset_password_save.php Multiple SQL Injections

PHP Address Book - addressbookregisterresetpasswordsave.php Multiple SQL Injections source: https://www.securityfocus.com/bid/58911/info PHP Address Book is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input. A successful exploit may allo...

PHP Address Book - addressbookregisterreset_password.php Multiple SQL Injections

PHP Address Book - addressbookregisterresetpassword.php Multiple SQL Injections source: https://www.securityfocus.com/bid/58911/info PHP Address Book is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input. A successful exploit may allow an...

PHP Address Book - addressbookregisterlinktick.php?site SQL Injection

PHP Address Book - addressbookregisterlinktick.php?site SQL Injection source: https://www.securityfocus.com/bid/58911/info PHP Address Book is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input. A successful exploit may allow an attacker ...